samba - May 2018 - named will not start after upgrade of CentOS

> On Sat, 12 May 2018 01:17:02 -0600
> "Paul R. Ganci via samba" <samba at lists.samba.org> wrote:
> 
>> Well I may have been over zealous and upgraded my Samba AD server to 
>> CentOS 7.5. After doing so the named service will not start. The
>> error message I get is:
>> 
>> May 12 00:50:55 nureyev named[11351]: Loading 'AD DNS Zone'
using
>> driver dlopen
>> May 12 00:50:55 nureyev named[11351]: dlz_dlopen of 'AD DNS
Zone'
>> failed May 12 00:50:55 nureyev named[11351]: SDLZ driver failed to
>> load. May 12 00:50:55 nureyev named[11351]: DLZ driver failed to load.
>> May 12 00:50:55 nureyev named[11351]: loading configuration: out of
>> memory May 12 00:50:55 nureyev named[11351]: exiting (due to fatal
>> error)
>> 
>> Everything was fine with the previous version of CentOS 7.4. If I 
>> comment out the line from /etc/named.conf
>> 
>> //        include "/var/lib/samba/private/named.conf";
>> 
> 
> Wrong 'include' line ;-)
> I think you will find that your /etc/krb5.conf starts with an
'include'
> line, remove this and your problem will go away.
> 
> Rowland
I have the same problem (no named starting after Centos Upgrade), but my
/etc/krb5.conf has no 'include' line :

[libdefaults]
	default_realm = INTRANET.MAGIGAS.LOCAL
	dns_lookup_realm = false
	dns_lookup_kdc = true

What can I do to restore named functionality?

Thank you

On Tue, 15 May 2018 15:30:08 +0200
Marco Coli via samba <samba at lists.samba.org> wrote:
> > On Sat, 12 May 2018 01:17:02 -0600
> > "Paul R. Ganci via samba" <samba at lists.samba.org>
wrote:
> > 
> >> Well I may have been over zealous and upgraded my Samba AD server
> >> to CentOS 7.5. After doing so the named service will not start.
The
> >> error message I get is:
> >> 
> >> May 12 00:50:55 nureyev named[11351]: Loading 'AD DNS
Zone' using
> >> driver dlopen
> >> May 12 00:50:55 nureyev named[11351]: dlz_dlopen of 'AD DNS
Zone'
> >> failed May 12 00:50:55 nureyev named[11351]: SDLZ driver failed to
> >> load. May 12 00:50:55 nureyev named[11351]: DLZ driver failed to
> >> load. May 12 00:50:55 nureyev named[11351]: loading configuration:
> >> out of memory May 12 00:50:55 nureyev named[11351]: exiting (due
> >> to fatal error)
> >> 
> >> Everything was fine with the previous version of CentOS 7.4. If I 
> >> comment out the line from /etc/named.conf
> >> 
> >> //        include "/var/lib/samba/private/named.conf";
> >> 
> > 
> > Wrong 'include' line ;-)
> > I think you will find that your /etc/krb5.conf starts with an
> > 'include' line, remove this and your problem will go away.
> > 
> > Rowland
> 
> I have the same problem (no named starting after Centos Upgrade), but
> my /etc/krb5.conf has no 'include' line :
> 
> [libdefaults]
> 	default_realm = INTRANET.MAGIGAS.LOCAL
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> What can I do to restore named functionality?
> 
> Thank you
> 
Are you getting the same error message ?
If not, please the error message you are getting.

Please post your named.conf

Rowland

Il 15/05/2018 15:37, Rowland Penny via samba ha scritto:
> On Tue, 15 May 2018 15:30:08 +0200
> Marco Coli via samba <samba at lists.samba.org> wrote:
> 
>>> On Sat, 12 May 2018 01:17:02 -0600
>>> "Paul R. Ganci via samba" <samba at
lists.samba.org> wrote:
>>>
>>>> Well I may have been over zealous and upgraded my Samba AD
server
>>>> to CentOS 7.5. After doing so the named service will not start.
The
>>>> error message I get is:
>>>>
>>>> May 12 00:50:55 nureyev named[11351]: Loading 'AD DNS
Zone' using
>>>> driver dlopen
>>>> May 12 00:50:55 nureyev named[11351]: dlz_dlopen of 'AD DNS
Zone'
>>>> failed May 12 00:50:55 nureyev named[11351]: SDLZ driver failed
to
>>>> load. May 12 00:50:55 nureyev named[11351]: DLZ driver failed
to
>>>> load. May 12 00:50:55 nureyev named[11351]: loading
configuration:
>>>> out of memory May 12 00:50:55 nureyev named[11351]: exiting
(due
>>>> to fatal error)
>>>>
>>>> Everything was fine with the previous version of CentOS 7.4. If
I
>>>> comment out the line from /etc/named.conf
>>>>
>>>> //        include
"/var/lib/samba/private/named.conf";
>>>>
>>>
>>> Wrong 'include' line ;-)
>>> I think you will find that your /etc/krb5.conf starts with an
>>> 'include' line, remove this and your problem will go away.
>>>
>>> Rowland
>>
>> I have the same problem (no named starting after Centos Upgrade), but
>> my /etc/krb5.conf has no 'include' line :
>>
>> [libdefaults]
>> 	default_realm = INTRANET.MAGIGAS.LOCAL
>> 	dns_lookup_realm = false
>> 	dns_lookup_kdc = true
>>
>> What can I do to restore named functionality?
>>
>> Thank you
>>
> 
> Are you getting the same error message ?
> If not, please the error message you are getting.
> 
> Please post your named.conf
> 
> Rowland
Hello, the message is exactly the same:
mag 15 11:30:20 mail.magigas.local named[30186]: Loading 'AD DNS Zone'
using driver dlopen
mag 15 11:30:20 mail.magigas.local named[30186]: dlz_dlopen of 'AD DNS
Zone' failed
mag 15 11:30:20 mail.magigas.local named[30186]: SDLZ driver failed to load.
mag 15 11:30:20 mail.magigas.local named[30186]: DLZ driver failed to load.
mag 15 11:30:20 mail.magigas.local named[30186]: loading configuration:
out of memory
mag 15 11:30:20 mail.magigas.local named[30186]: exiting (due to fatal
error)
mag 15 11:30:20 mail.magigas.local systemd[1]: named.service: control
process exited, code=exited status=1
mag 15 11:30:20 mail.magigas.local systemd[1]: Failed to start Berkeley
Internet Name Domain (DNS).
mag 15 11:30:20 mail.magigas.local systemd[1]: Unit named.service
entered failed state.
mag 15 11:30:20 mail.magigas.local systemd[1]: named.service failed.

Here is named.conf (at the end I have other zones external to AD):

include "/etc/rndc.key";
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

include "/var/lib/samba/private/named.conf";

options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
// //         memstatistics-file
"/var/named/data/named_mem_stats.txt";
        allow-query     { 10.0.0.0/16 ; 10.1.0.0/16 ; 192.168.100.0/24 ;
localhost; };
//      recursion yes;

        listen-on { any; };
        query-source address * port 53;


//      dnssec-enable yes;
//      dnssec-validation yes;
//      dnssec-lookaside auto;

        /* Path to ISC DLV key */
///     bindkeys-file "/etc/named.iscdlv.key";

//      managed-keys-directory "/var/named/dynamic";

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

        forward first;
        forwarders {
                8.8.8.8;
                8.8.4.4;
//                151.99.125.2;
//                151.99.250.2;
//                213.92.5.54;
//                194.185.88.5;
//                151.99.125.3;
                };

};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
zone "." IN {
        type hint;
        file "named.ca";
};



zone "magigas.homelinux.com" IN {
       type master;
        file "homelinux";
        allow-update { none; };
        notify yes;
};

zone "magigas.it" IN {
       type master;
        file "magigas.it";
        allow-update { none; };
##        notify yes;
};

zone "magigas.eu" IN {
       type master;
        file "magigas.eu";
        allow-update { none; };
#        notify yes;
};


zone "villabasilicaenergy.eu" IN {
     type master;
        file "villabasilicaenergy.eu";
        allow-update { none; };
##        notify yes;
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


I have the same problem on 3 different machines, different location,
different AD domains.
For 2 (after the problem occurred on the first one),being Virtual, I did
a snapshot before, so I was able to reverse the problem.

sernet-samba-ad-4.8.1-9.el7.x86_64 on all 3. 2 of them are CentOs, the
third RHEL. Same behaviour.

Thank you.